Error updating the NVD Data Caused by NvdApiException: NVD Returned Status Code: 503 #6108
Comments
|
HTTP 503 is a server-side error, apparently too many are currently hammering the NIST NVD API, causing it to have availability issues. |
|
OK, same error here. Thanks for the info. Looks like a good candidate for a more useful error message ... |
|
Joy... looks like the ODC user base might be causing some performance degradation on the NVD API... |
|
See #6107 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am using a plugin from marketplace of azure devops, this plugin was still working November 20, but unfortunately today I get the following error:
[INFO] Checking for updates
[WARN] An NVD API Key was not provided - it is highly recommended to use an NVD API key as the update can take a VERY long time without an API Key
[INFO] NVD API has 171,363 records in this update
[ERROR] Error updating the NVD Data
org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:336)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:110)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:633)
at org.owasp.dependencycheck.App.runScan(App.java:260)
at org.owasp.dependencycheck.App.run(App.java:192)
at org.owasp.dependencycheck.App.main(App.java:87)
Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiException: NVD Returned Status Code: 503
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:327)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:315)
... 7 common frames omitted
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (219 ms)
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
*omitted some output
[INFO] In dispose, destroying event queue.
[ERROR] Region [NODEAUDIT] : Not alive and dispose was called, filename: NODEAUDIT
[INFO] In dispose, destroying event queue.
[ERROR] Region [CENTRAL] : Not alive and dispose was called, filename: CENTRAL
[INFO] In dispose, destroying event queue.
[ERROR] Region [POM] : Not alive and dispose was called, filename: POM
[ERROR] One or more fatal errors occurred
[ERROR] Error updating the NVD Data
[ERROR] No documents exist
Version of dependency-check used
The problem occurs using version 9.0.0 of the Azure Devops plugin version 6.1.1
To Reproduce
Steps to reproduce the behavior:
running Azure pipeline using dependency check plugin 6.1.1
The text was updated successfully, but these errors were encountered: